Methods and apparatus are provided for generating a garbled circuit for a client in a leakage-resilient manner, for use in secure function evaluation between the client and a server. The garbled circuit is generated by obtaining a token from the server, wherein said token comprises a leakage-protected area; querying the token gate-by-gate, wherein for each gate of said garbled circuit, the token interacts with the leakage-protected area to generate a garbled table for the gate; and receiving the garbled circuit from the token. The client can interact with the server to obtain garbled inputs; and then evaluate the garbled circuit on the garbled inputs to obtain a garbled output. A final output can be obtained by matching the garbled output with an output table in the garbled circuit.
|
19. An apparatus, comprising:
an integrated circuit; and
a leakage-protected subset of the integrated circuit,
wherein the integrated circuit is configured to receive a query, and in response to said query, to interact with the leakage-protected subset of the integrated circuit to generate a garbled table for a gate g of a garbled circuit with input wires and output wires and used for secure function Evaluation (SFE), wherein the garbled circuit is generated based on a random correspondence between wire values and their garblings that is unknown to the apparatus.
1. A method, comprising:
generating a garbled circuit for secure function Evaluation (SFE) by querying a hardware token gate-by-gate, said hardware token comprising a leakage-protected area, wherein for each gate g of the garbled circuit with input wires and output wires, the hardware token interacts with the leakage-protected area of the token to generate a garbled table for the gate g, and wherein the generating is based on a random correspondence between wire values and their garblings that is unknown to the hardware token; and
receiving the garbled circuit from the hardware token.
12. An apparatus comprising:
a memory; and
at least one hardware device, coupled to the memory, operative to:
communicate with a hardware token, wherein said hardware token comprises a leakage-protected area;
query the hardware token gate-by-gate, wherein for each gate g of a garbled circuit with input wires and output wires and used for secure function Evaluation (SFE), the hardware token interacts with the leakage-protected area to generate a garbled table for the gate g, wherein the garbled circuit is generated based on a random correspondence between wire values and their garblings that is unknown to the hardware token; and
receive the garbled circuit from the hardware token.
2. The method of
3. The method of
4. The method of
5. The method of
6. The method of
7. The method of
8. The method of
9. The method of
10. The method of
13. The apparatus of
14. The apparatus of
15. The apparatus of
16. The apparatus of
17. The apparatus of
18. The apparatus of
20. The apparatus of
21. The apparatus of
22. The apparatus of
|
This application claims priority to U.S. Provisional Application No. 61/387,102, filed Sep. 28, 2010, incorporated by reference herein in its entirety.
The present invention relates generally to techniques for securing electronic transactions and, more particularly, to secure function evaluation (SFE) techniques that provide privacy to the parties of such electronic transactions.
Two-party general secure function evaluation (SFE) allows two parties to evaluate any function on their respective inputs x and y, while maintaining the privacy of both x and y. Efficient SFE algorithms enable a variety of electronic transactions, previously impossible due to mutual mistrust of participants. For example, SFE algorithms have been employed in auctions, contract signing and distributed database mining applications. As computation and communication resources have increased, SFE has become truly practical for common use. A malicious SFE model provides a guarantee of complete privacy of the players inputs, even when a dishonest player follows an arbitrary cheating strategy.
Existing generic two-party SFE algorithms typically employ Garbled Circuits (GCs). For a detailed discussion of GCs, see, for example, Y. Lindell and B. Pinkas, “A Proof of Yao's Protocol for Secure Two-Party Computation,” Journal of Cryptology, 22(2):161-188 (2009). For reasonably complex functions, however, the data transfer required for SFE is prohibitive. In fact, the communication complexity of GC-based SFE protocols is dominated by the size of the GC, which can reach Megabytes or Gigabytes even for relatively small and simple functions (e.g., the GC for a single secure evaluation of the block cipher AES has size 0.5 Megabytes).
While transmission of large amounts of data is often possible, existing networks will not scale should SFE be widely deployed. This is particularly true for wireless networks, or for larger scale deployment of secure computations, e.g., by banks or service providers, with a large number of customers. Additional obstacles include energy consumption required to transmit/receive the data, and the resulting reduced battery life in mobile clients, such as smartphones. Computational load on the server is also a significant problem. Moreover, security against more powerful malicious adversaries requires the use of the standard cut-and-choose technique, which in turn requires transfer of multiple GCs.
Thus, a number of techniques have been proposed or suggested to employ a hardware token at the client to improve the communication efficiency of Yao's garbled circuit generation. See, e.g., K. Jaarvinen et al. “Embedded SFE: Offloading Server and Network Using Hardware Tokens,” Financial Cryptography and Data Security, FC 2010, incorporated by reference herein in its entirety. The token allows much of the data be generated locally by the client, avoiding much of the data transfer (a few Kilobytes, for example, may still be needed). The existing token-based techniques for Yao's garbled circuit generation, however, assume complete tamper-resistance of the hardware token. These techniques may not remain secure if the attacker gains even a few bits of information about the internal state of the token, using side-channel techniques, such as differential power analysis or an analysis of electro-magnetic radiation.
A need therefore exists for improved garbled circuit generation techniques in generic two-party SFE algorithms that do not require complete tamper-resistance of the hardware token. Rather, a malicious client can extract side-channel information from the execution of the token. In other words, a need remains for secure generation of GCs, in the potential presence of continual, adaptive information leakage during token's execution.
Generally, methods and apparatus are provided for generating a garbled circuit for a client in a leakage-resilient manner, for use in secure function evaluation between the client and a server. According to one aspect of the invention, the garbled circuit is generated by obtaining a token from the server, wherein said token comprises a leakage-protected area; querying the token gate-by-gate, wherein for each gate of said garbled circuit, the token interacts with the leakage-protected area to generate a garbled table for the gate; and receiving the garbled circuit from the token.
According to further aspects of the invention, the client can interact with the server to obtain garbled inputs; and then evaluate the garbled circuit on the garbled inputs to obtain a garbled output. A final output can be obtained by matching the garbled output with an output table in the garbled circuit.
The leakage-resilient generation of the garbled circuit can be based on a random correspondence between wire values and their garblings that is processed in the leakage-protected area, and is unknown to the token. The garbled circuit comprises garbled tables for all gates in a circuit C, and the decryption tables for the output wires. The decryption tables comprise an association of output wire keys with their values.
A more complete understanding of the present invention, as well as further features and advantages of the present invention, will be obtained by reference to the following detailed description and drawings.
The present invention improves upon existing generic two-party SFE algorithms that employ a tamper-proof hardware token at the client to improve the communication efficiency of Yao's garbled circuit generation. According to one aspect of the invention, a communication-efficient protocol is provided for Yao's garbled circuit generation using a tamper-proof hardware token embedded with a secret seed for a stream cipher (SC).
The present invention recognizes that a GC constructor token needs to know the correspondence between circuit wire values and their garblings, to construct garbled tables. Now, the adversary needs to leak only a single bit (e.g., the last bit of the garbling of the wire value 0) to learn additional information about the other party's inputs.
According to a further feature of the present invention, a small leakage-resilient component, referred to as a “leakage-protected area,” inside the token is assumed and employed in the GC generator. As used herein, a leakage-protected area is leakage-resilient if, even though the input/output wires of the leakage-protected area may leak information, the internal wires of the leakage-protected area do not substantially leak information. For example, the leakage-protected area can be fabricated between layers in an integrated circuit to reduce the possibility of leakage. The leakage-protected area can be embodied, for example, as a small shielded or otherwise leakage-protected circuit that is embedded inside the token, T, and is capable of basic operations, such as addition and generation of random bits. While one embodiment of the present invention employs a leak proof leakage-protected area, the present invention applies even if there is some amount of leakage, which may be acceptable in some applications, as would be apparent to a person of ordinary skill in the art.
Garbled tables can be generated in the regular leakage-susceptible area of the token. The role of the leakage-protected area is to facilitate the token being oblivious to the correspondence between a wire value and its garbling. This is achieved by representing this correspondence as a bit, which is generated and encoded inside the leakage-protected area. This encoding, which protects the underlying bit against a class of leakage functions, is stored in the token. During garbled table construction, the gate's incoming and outgoing wire garblings and the corresponding bit encodings are passed to the leakage-protected area, which then outputs the encodings of the garbled table entries. These encodings are then encrypted by the token and output to the adversary. An example of a simple bit encoding, which protects against a reasonably powerful class of leakage functions, is the representation of the bit b as a string of random bits, whose exclusive OR (XOR) function is equal to b.
Generic Two-Party SFE Algorithms
As previously indicated, existing generic two-party SFE algorithms typically employ Garbled Circuits (GCs). Y. Lindell and B. Pinkas, “A Proof of Yao's Protocol for Secure Two-Party Computation,” Journal of Cryptology, 22(2):161-188 (2009). For a detailed discussion of exemplary existing generic two-party SFE algorithms, see, for example, Payman Mohassel and Matthew Franklin, “Efficiency Tradeoffs for Malicious Two-Party Computation,” Moti Yung et al., editors, PKC 2006: 9th International Conference on Theory and Practice of Public Key Cryptography, Vol. 3958 of Lecture Notes in Computer Science, 458-473 (New York, N.Y.; Apr. 24-26, 2006); Yehuda Lindell and Benny Pinkas, “An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries,” Moni Naor, editor, Advances in Cryptology—EUROCRYPT 2007, Vol. 4515 of Lecture Notes in Computer Science, 52-78 (Barcelona, Spain, May 20-24, 2007); David P. Woodruff, “Revisiting the Efficiency of Malicious Two-Party Computation,” In Moni Naor, editor, Advances in Cryptology—EUROCRYPT 2007, Vol. 4515 of Lecture Notes in Computer Science, 79-96 (Barcelona, Spain, May 20-24, 2007); Stanislaw Jarecki and Vitaly Shmatikov, “Efficient Two-Party Secure Computation on Committed Inputs,” In Moni Naor, editor, Advances in Cryptology—EUROCRYPT 2007, Vol. 4515 of Lecture Notes in Computer Science, 97-114 (Barcelona. Spain, May 20-24, 2007); and/or Vipul Goyal et al., “Efficient Two Party and Multiparty Computation Against Covert Adversaries,” In Nigel P. Smart, editor, Advances in Cryptology—EUROCRYPT 2008, Vol. 4965 of Lecture Notes in Computer Science, 289-306 (Istanbul, Turkey, Apr. 13-17, 2008), each incorporated by reference in their entirety.
The circuit constructor S creates a garbled circuit {tilde over (C)} from the circuit C: for each wire Wi of C, two garblings {tilde over (w)}i0, {tilde over (w)}i1 are randomly chosen, where {tilde over (w)}ij is the garbled value of Wi's value j. (Note: {tilde over (w)}ij does not reveal j). Further, for each gate Gi, S creates a garbled table {tilde over (T)}i with the following property: given a set of garbled values of Gi's inputs, {tilde over (T)}i allows to recover the garbled value of the corresponding Gi's output. S sends these garbled tables, together called garbled circuit {tilde over (C)}, to evaluator (receiver R).
Additionally, R (obliviously) obtains the garbled inputs {tilde over (w)}i corresponding to the inputs of both parties: the garbled inputs {tilde over (y)} corresponding to the inputs y of S are sent directly: {tilde over (y)}i={tilde over (y)}iy
Now, R evaluates the garbled circuit {tilde over (C)} (which comprises the garbled tables {tilde over (T)}i) on the garbled inputs to obtain the garbled output {tilde over (z)} by evaluating {tilde over (C)} gate by gate, using the garbled tables {tilde over (T)}i. Finally, R determines the plain value z corresponding to the obtained garbled output value using an output translation table sent by S.
As previously indicated, the present invention improves the conventional garbled circuit generator 200 of
In the client-server setting of the present invention, a server A has generated and initialized a secure token T, and sent the token to the client B. T now interacts with B and answers his or her queries on behalf of A. B communicates locally with T, and remotely with A. There is no direct channel between T and A, but of course B can pass (and potentially interfere with) messages between T and A. T is created by A, so A trusts T; however, as B does not trust A, she also does not trust the token T to behave honestly.
By delegating GC generation to T, A offloads a majority of his computation to T, and avoids transferring GC to B. A now only needs to execute several oblivious transfers to send B the garblings of the input wires, and perform certain checks to prevent cheating B.
It is noted that T need not know the circuit C for which it generates GC. As discussed further below in conjunction with
Adversarial Model
A hybrid semi-honest model is considered, where the only allowed malicious behavior is for token receiver B to arbitrarily apply leakage functions to the token T. This is a natural generalization of the semi-honest model, which lends itself to the application of standard techniques for achieving full security against active adversaries. That is, the disclosed protocols can be easily compiled into fully malicious-secure protocols, e.g., by using zero-knowledge proofs or garbled circuit cut-and-choose. See, e.g., Payman Mohassel and Matthew Franklin. “Efficiency Tradeoffs for Malicious Two-Party Computation,” Moti Yung et al., editors, PKC 2006: 9th Int'l Conf. on Theory and Practice of Public Key Cryptography, Vol. 3958 of Lecture Notes in Computer Science, 458-473, Apr. 24-26, 2006; David P. Woodruff, “Revisiting the Efficiency of Malicious Two-Party Computation,” Moni Naor, editor, Advances in Cryptology, EUROCRYPT 2007, Vol. 4515 of Lecture Notes in Computer Science, 79-96, May 20-24, 2007; or Yehuda Lindell and Benny Pinkas, “An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries,” Moni Naor, editor, Advances in Cryptology, EUROCRYPT 2007, Vol. 4515 of Lecture Notes in Computer Science, 52-78, May 20-24, 2007, each incorporated by reference herein in their entirety.
Leakage-Resilient GC Generator 300
The disclosed construction relies on LR bit encoding and LR double-key encryption. LR encoding is an algorithm for representing a bit as a bitstring in such a way that the original value cannot be computed from the encoding by a certain class of functions, which presumably includes the leakage functions occurring in practice. Decode, the inverse operation, which lies outside of this class, recovers the original bit.
LR double encryption (DE) ε is LR encryption, which takes as input two keys, and whose decryption procedure allows to determine whether the decryption has succeeded.
During step 330, for each gate, T interacts with the leakage-protected area to generate LRGT for that gate. Consider a gate g with input wires (w1, w2) and output wires (w3, w4). First, for every wire wi connected to g for which the wire garblings have not yet been generated, the token T generates and stores a triple (i.e., an ordered set of three elements) (ki0, ki1, ki), where ki0, ki1,εK are picked (pseudo)randomly from the key space of DE, and ki←Encode(bi) is an encoding of a (pseudo)random bit bi. The wire keys ki0, ki1's correspondence to wire bit values is determined by bi. The garbling of the value v of the i-th wire is set to be kib⊕v (or, in other words, the wire key kiv corresponds to the wire value bi⊕v).
The leakage-protected area then computes and returns ({wij3·wij4}ijε{0,1}), where for i, jε{0,1} and l=1, . . . , 4:
bl←Decode(kl),
gij←g(b1⊕i,b2⊕j),
wij3←Encode(k3b3⊕g,j), wi,j4←Encode(k4b4⊕gi,j)
(For i, jε{0,1}, gi,j is the gate's output wires' value when its input wires have values b1⊕i and b1⊕j, which means that in the standard garbled table generation, the wire key k3b3⊕gi,j should be encrypted with wire keys k1i and k2j, and similarly the wire key k4b4⊕gi,j should be encrypted with wire keys k1i and k2j. The leakage-protected area, therefore, encodes the output wire keys in the above order, so that T will later be able to construct the garbled table without ever requiring the knowledge of wire keys' correspondence to their bit values. Also, note that Encode is applied independently bit-by-bit to the multi-bit input string.)
T then computes for i, jε{0,1}:
ci,j3←εk
and assigns and outputs GTg←({ci,j3, ci,j4}i, jε{0,1}).
Finally, the leakage-resilient garbled circuit GCf comprises leakage-resilient garbled tables for all the gates in C, and the decryption tables for the output wires, which are simply the association of output wire keys with their values, i.e.,
GCf=({GTg}gεC, {0kibi⊕0,1kibi⊕1}i=m−n+1, . . . , m)
As shown in
The client evaluates the LRGC on the garbled inputs to obtain the garbled output during step 350, and then obtains the actual output during step 360 by matching the garbled output with the output table in LRGC. Thus, on receiving the leakage-resilient garbled circuit GCf and input wire keys ({kibi⊕x[i]}iε[n], {kn+jbn+j⊕y[j]}jε[n]), the client decrypts and evaluates all the garbled gates one-by-one, and then computes the output by finding the appropriate bit values for all the output wires from the decryption table, also contained in GCf.
System and Article of Manufacture Details
While
While exemplary embodiments of the present invention have been described with respect to processing steps in a software program, as would be apparent to one skilled in the art, various functions may be implemented in the digital domain as processing steps in a software program, in hardware by circuit elements or state machines, or in combination of both software and hardware. Such software may be employed in, for example, a digital signal processor, application specific integrated circuit, micro-controller, or general-purpose computer. Such hardware and software may be embodied within circuits implemented within an integrated circuit.
Thus, the functions of the present invention can be embodied in the form of methods and apparatuses for practicing those methods. One or more aspects of the present invention can be embodied in the form of program code, for example, whether stored in a storage medium, loaded into and/or executed by a machine, or transmitted over some transmission medium, wherein, when the program code is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention. When implemented on a general-purpose processor, the program code segments combine with the processor to provide a device that operates analogously to specific logic circuits. The invention can also be implemented in one or more of an integrated circuit, a digital signal processor, a microprocessor, and a micro-controller.
As is known in the art, the methods and apparatus discussed herein may be distributed as an article of manufacture that itself comprises a computer readable medium having computer readable code means embodied thereon. The computer readable program code means is operable, in conjunction with a computer system, to carry out all or some of the steps to perform the methods or create the apparatuses discussed herein. The computer readable medium may be a tangible recordable medium (e.g., floppy disks, hard drives, compact disks, memory cards, semiconductor devices, chips, application specific integrated circuits (ASICs)) or may be a transmission medium (e.g., a network comprising fiber-optics, the world-wide web, cables, or a wireless channel using time-division multiple access, code-division multiple access, or other radio-frequency channel). Any medium known or developed that can store information suitable for use with a computer system may be used. The computer-readable code means is any mechanism for allowing a computer to read instructions and data, such as magnetic variations on a magnetic media or height variations on the surface of a compact disk.
The computer systems and servers described herein each contain a memory that will configure associated processors to implement the methods, steps, and functions disclosed herein. The memories could be distributed or local, and the processors could be distributed or singular. The memories could be implemented as an electrical, magnetic or optical memory, or any combination of these or other types of storage devices. Moreover, the term “memory” should be construed broadly enough to encompass any information able to be read from or written to an address in the addressable space accessed by an associated processor. With this definition, information on a network is still within a memory because the associated processor can retrieve the information from the network.
It is to be understood that the embodiments and variations shown and described herein are merely illustrative of the principles of this invention and that various modifications may be implemented by those skilled in the art without departing from the scope and spirit of the invention.
Kumar, Virendra, Kolesnikov, Vladimir
Patent | Priority | Assignee | Title |
11233774, | Dec 22 2017 | KONINKLIJKE PHILIPS N V | Evaluation of events using a function |
11818249, | Dec 04 2017 | KONINKLIJKE PHILIPS N V | Nodes and methods of operating the same |
Patent | Priority | Assignee | Title |
7143066, | Nov 06 1997 | Intertrust Technologies Corp. | Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
7240198, | Aug 08 2000 | YEDA RESEARCH & DEVELOPMENT CO , LTD | Honesty preserving negotiation and computation |
7725730, | Aug 09 2002 | EMC IP HOLDING COMPANY LLC | Cryptographic methods and apparatus for secure authentication |
8332653, | Oct 22 2004 | AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE LIMITED | Secure processing environment |
8572406, | Mar 31 2010 | Cryptography Research, Inc | Integrated circuit protected against horizontal side channel analysis |
8630620, | Jan 26 2007 | InterDigital Technology Corporation | Method and apparatus for securing location information and access control using the location information |
8689010, | Jun 28 2007 | Microsoft Technology Licensing, LLC | Secure storage for digital rights management |
20010055388, | |||
20030079121, | |||
20040030932, | |||
20050036615, | |||
20090106563, | |||
20090119518, | |||
20090122986, | |||
20090138700, | |||
20090175443, | |||
20110110525, | |||
20110161677, | |||
20110246789, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Jun 30 2011 | Alcatel Lucent | (assignment on the face of the patent) | / | |||
Aug 04 2011 | KOLESNIKOV, VLADIMIR | Alcatel-Lucent USA Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 026871 | /0222 | |
Aug 05 2011 | KUMAR, VIRENDRA | Alcatel-Lucent USA Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 026871 | /0222 | |
Jul 23 2012 | Alcatel-Lucent USA Inc | Alcatel Lucent | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 028620 | /0682 | |
Jan 30 2013 | Alcatel-Lucent USA Inc | CREDIT SUISSE AG | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 030510 | /0627 | |
Aug 19 2014 | CREDIT SUISSE AG | Alcatel-Lucent USA Inc | RELEASE BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 033949 | /0016 | |
Sep 12 2017 | Nokia Technologies Oy | Provenance Asset Group LLC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 043877 | /0001 | |
Sep 12 2017 | NOKIA SOLUTIONS AND NETWORKS BV | Provenance Asset Group LLC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 043877 | /0001 | |
Sep 12 2017 | ALCATEL LUCENT SAS | Provenance Asset Group LLC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 043877 | /0001 | |
Sep 13 2017 | PROVENANCE ASSET GROUP, LLC | CORTLAND CAPITAL MARKET SERVICES, LLC | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 043967 | /0001 | |
Sep 13 2017 | PROVENANCE ASSET GROUP HOLDINGS, LLC | CORTLAND CAPITAL MARKET SERVICES, LLC | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 043967 | /0001 | |
Sep 13 2017 | Provenance Asset Group LLC | NOKIA USA INC | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 043879 | /0001 | |
Sep 13 2017 | PROVENANCE ASSET GROUP HOLDINGS, LLC | NOKIA USA INC | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 043879 | /0001 | |
Dec 20 2018 | NOKIA USA INC | NOKIA US HOLDINGS INC | ASSIGNMENT AND ASSUMPTION AGREEMENT | 048370 | /0682 | |
Nov 01 2021 | CORTLAND CAPITAL MARKETS SERVICES LLC | PROVENANCE ASSET GROUP HOLDINGS LLC | RELEASE BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 058983 | /0104 | |
Nov 01 2021 | CORTLAND CAPITAL MARKETS SERVICES LLC | Provenance Asset Group LLC | RELEASE BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 058983 | /0104 | |
Nov 29 2021 | Provenance Asset Group LLC | RPX Corporation | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 059352 | /0001 | |
Nov 29 2021 | NOKIA US HOLDINGS INC | PROVENANCE ASSET GROUP HOLDINGS LLC | RELEASE BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 058363 | /0723 | |
Nov 29 2021 | NOKIA US HOLDINGS INC | Provenance Asset Group LLC | RELEASE BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 058363 | /0723 |
Date | Maintenance Fee Events |
Oct 02 2014 | ASPN: Payor Number Assigned. |
Jun 18 2018 | REM: Maintenance Fee Reminder Mailed. |
Dec 10 2018 | EXP: Patent Expired for Failure to Pay Maintenance Fees. |
Jan 23 2019 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
Jan 23 2019 | M1558: Surcharge, Petition to Accept Pymt After Exp, Unintentional. |
Jan 23 2019 | PMFG: Petition Related to Maintenance Fees Granted. |
Jan 23 2019 | PMFP: Petition Related to Maintenance Fees Filed. |
Jun 27 2022 | REM: Maintenance Fee Reminder Mailed. |
Dec 12 2022 | EXP: Patent Expired for Failure to Pay Maintenance Fees. |
Date | Maintenance Schedule |
Nov 04 2017 | 4 years fee payment window open |
May 04 2018 | 6 months grace period start (w surcharge) |
Nov 04 2018 | patent expiry (for year 4) |
Nov 04 2020 | 2 years to revive unintentionally abandoned end. (for year 4) |
Nov 04 2021 | 8 years fee payment window open |
May 04 2022 | 6 months grace period start (w surcharge) |
Nov 04 2022 | patent expiry (for year 8) |
Nov 04 2024 | 2 years to revive unintentionally abandoned end. (for year 8) |
Nov 04 2025 | 12 years fee payment window open |
May 04 2026 | 6 months grace period start (w surcharge) |
Nov 04 2026 | patent expiry (for year 12) |
Nov 04 2028 | 2 years to revive unintentionally abandoned end. (for year 12) |